NGINX "SSL full option not working" – Checksum failed

Hello everyone,
I’m trying to setup the full SSL option on my NGINX webserver. So:
– I’ve created my self-signed certificate and I’ve enable it through my configuration
– I know that I allowlisted permanently all the Cloudflare IPs ranges.

But it does not work. A strange issue appears: if I restart NGINX webserver and then I go to my website, the page loads as I expect. But then, if you reload it, the error 521 “Web server is down” is showed.

I’ve tried to investigate a little bit, and I did not find any debug, information and errors in NGINX logs. However, using tcpdump, I recognized one possible error. All the packets shows the checksum as failed. Then my server does not return anything.

linux_vps_.https > [REDACTED]: Flags [FP.], cksum 0x2163 (incorrect -> 0xed28), seq 19227:19258, ack 1283, win 252, options [nop,nop,TS val 2551152448 ecr 660729444], length 31

Would you mind to post your nginx config?

Of course, I’ve redacted it a little bit to hide all the personal information (such as domain name). But this is the NGINX configuration.

server {
        listen 80 default_server http2;
        listen [::]:80 default_server http2;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /var/www/website/certs/cert.crt;
        ssl_certificate_key /var/www/website/certs/cert.key;
        
        root /var/www/website/html/;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name mywebsite.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}

Note that cert.crt is a self-signed certificate.

This topic was automatically closed after 30 days. New replies are no longer allowed.